Recommendation (3): There exist shortcomings in the specification of DNS wildcards and their usage. The defining RFCs should be examined and modified as necessary with a focus on producing two results: first, clarification of the use of synthesized responses in DNS protocols; second, provision of additional guidance on the use of synthesized responses in the DNS hierarchy.

We see in this two actions for the IETF:

(1) A clarification of the use of synthesized responses in the DNS protocols

and

(2) Additional guidance on the use of synthesized responses in the DNS hierarchy

The IAB believes that the first question is addressed by the creation of draft-ietf-dnsext-wcard-clarify. This was published as version -08 on July 7 2005, and according to the WG Chair this document will be handed over to the IESG this week (i.e. week of Aug 29 2005).

Regarding the second question, it is recognized that the problem lies within the application layer. More specifically, the problem is that applications are written on the expectation that non-existing domain names are to be indicated by a response code of NXDOMAIN, but instead they get NOERROR when querying the DNS. This can produce unintended and undesirable effects in the application behaviour.

Apart from general guidelines, that document outlines issues specific to one case of using synthesized responses in a TLD. Absent technical information clarifying new or different implementations of services using such responses, the IAB doesn’t find any reason to make a new statement.